Home > blogpost > Apache + SVN + LDAP

Apache + SVN + LDAP

June 6th, 2009 Leave a comment Go to comments

Just because I always forget:

<VirtualHost 192.168.1.34:7000>
    <Location />

        DAV svn
        SVNPath /data/svn

        SVNReposName    "Subversion"
        AuthName        "Authenticate for Subversion"

        AuthType Basic
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative on
        AuthLDAPUrl ldap://192.168.1.33/dc=kerneldump,dc=org?uid
        Require ldap-group cn=svnusers,ou=Group,dc=kerneldump,dc=org
        AuthLDAPGroupAttribute memberUid
        AuthLDAPGroupAttributeIsDN off
        Order deny,allow
        Allow from all

    CustomLog /var/log/httpd/svn_access_log combined
    ErrorLog  /var/log/httpd/svn_error_log
  </Location>
</VirtualHost>

Put this in an configuration file like mysvn.conf and include it in your httpd.conf file. This creates an virtualhost on port 7000 with immediately in the root the subversion repository. Of course you need to configure your LDAP configuration. Or need to use basic authentication.

For security purposes not every LDAP user is allowed, you need to be member of the svnusers group.

UPDATESome extra information regarding permissions you can add authzAccessFile authorization file

AuthzSVNAccessFile /path/to/svn/conf/authz

and in the authz file you create something like:

[groups]
Developers = foo,bar
Deployers = joe
# Allow Developers to write, Branchers to read and disallow the rest
[/trunk]
@Developers = rw
@Branchers = r
* =
# Allow branchers to tag and branche, make the rest world writable
[/tags]
@Branchers = rw
* = r
[/branches]
@Branchers = rw
* = r
Tags: , , ,
  1. No comments yet.
  1. No trackbacks yet.